Antoine Neuenschwander
After completing his Master's degree in Computer Science at ETH Zurich, Antoine has held various security-oriented IT roles as a system administrator, software developer, penetration tester, and security analyst. He joined Swisscom in 2019 in the Computer Security Incident Response Team (CSIRT) and took on the technical lead of the Bug Bounty Program in 2022.
Session
By crowdsourcing vulnerability hunting, bug bounty programs add an essential security layer as a last line of defense to catch what slips through conventional controls. Over the past 15 years, platforms like HackerOne and Bugcrowd have played a major role in legitimizing and popularizing the concept, opening up bug hunting to a broader audience while corporate adoption steadily increased. However, as the ecosystem grew, so did the misalignment between the interests of hackers, companies, and platforms, creating unintended consequences, conflicting incentives, and sometimes working against the very security these programs aim to improve. In this talk, I'll share my observations on these dynamics from running the self-managed bug bounty program at Swisscom for the past 4 years.